> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Igor Brezac
> What do you think about making EXTERNAL/ldap://127.0.0.1/
> work the same as
> EXTERNAL/ldapi:///? Unix domain sockets on solaris are not
> that great.
> :(
There is no mechanism for passing Unix credentials across an IP socket. The
SASL/EXTERNAL mechanism requires that the external security layer
communicates a user ID from the client to the server; you cannot do this over
an IP socket without a protocol like Kerberos, SSL, etc...
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.comhttp://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support